|
The Dirty Dozen - program alert list
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
------------------------------------------------------------------
| |
| THE DIRTY DOZEN -- An Uploaded Program Alert List |
| |
------------------------------------------------------------------
| Issue #8: February 5, 1988 |
| |
| |
| |
| Maintained by Eric Newhouse |
| Originally by Tom Neff |
------------------------------------------------------------------
Recently, many unlawfully copied or modified programs have
appeared on various IBM bulletin boards across the country.
THE DIRTY DOZEN lists known examples.
The author takes no responsibility for the validity or
completeness of this list. Many sources contribute to the list,
and it is very possible that one of the reported 'dirty' files
works perfectly and is in the Public Domain.
Also, users upload bad software to bulletin boards daily, and
often times that bad software is not yet in this list. In other
words, if you run a trojan horse that is not listed in here,
please don't call my board to complain; rather, leave me a message
so that I can place the destructive program in the next issue. If
you are unsure whether a file is trojan, and it's not listed in
here, then I recommend using a utility like BOMBSQAD.COM to
prevent any mishaps. Bombsqad, available on my board, catches
most trojan horses before they can damage your equipment.
There are five major categories of bad software: commercial
pirate jobs, unauthorized copies of otherwise legitimate freeware
programs, malicious "TROJAN" programs which damage your system,
"VIRII," which damage your and your friends' systems, and
miscellaneous illegal software. Please look in the definitions
section of this document for a more detailed explanation of these
terms.
SysOps: Please be careful with the files you post in your
download libraries! A professional quality program should arouse
your suspicions, especially if it doesn't include the author's
name, address, and distribution policy. Such programs are
probably NOT public domain! The BBS community is already under
legislative threat at the State and Federal level. We cannot
fight this trend effectively while our directories sit stocked
with cracked games, virii, and malicious "trojan horses!" Let's
demonstrate a little social responsibility by cleaning up our
download libraries. If you as a SysOp have any of these files on
your system, please delete them and post "blocking" dummy file
entries like this one:
ZAXXON.COM DELETED!! NOT PUBLIC DOMAIN!!
By working together to fight this new brand of software,
perhaps we can eliminate BBS pirates, trojan horse writers,
and legislation aimed at regulating BBS's.
The "Dirty Dozen" aims to bring this important issue to the
attention of more SysOps and users - to act as an information
"clearing-house" for the latest known examples of "bogusware."
Using information gleaned from the Dirty Dozen, an educated public
can fight effectively for safe downloadable files.
The Dirty Dozen needs your help to succeed! Please call in any
updates of bad software that you know of, but DO NOT modify this
article yourself. If everyone who discovers a pirated program
starts modifying the DD, there would be hundreds of issues in
circulation. If you have an update, please see the end of this
article for information on how to reach me with new information.
In addition, I would like to publicly apologize to Mr. Gerhard
Barth. In previous issues, I criticized him for distributing a
modified version of the dirty dozen. Thanks to a few messages
from Karl Brendel, I now know that Gerhard runs a fine well
maintained bulletin board that maintains copies of the true dirty
dozen. Gerhard, I'm sorry for any hassles I may have caused you.
One can be sure of only one thing about hard disks, and that is
that they will crash. Often times a user will blame a program for
a hard disk failure when in fact his problem lies in his/her
hardware. Remember, a Trojan rumor is much easier to START than
it is to STOP. Some people have accused legitimate *joke*
programs, such as DRAIN.COM (which pretends to be gurgling excess
water out of your A drive) of erasing their hard drive. If a
program locks up your system, it isn't necessarily Trojan; it
might not like co-residing with your graphics card or some TSR's.
Ask other users about the program in question before you dennounce
it as Trojan. Run the program again (on your empty drive) to
confirm its malicious intent. In short, make 100% sure that the
program is trojan before ruining the author's reputation. Also, I
would appreciate a bagged specimen of any real Trojan program that
you might have the (un)luck to find.
A user of mine has notified me that some pirates have patched
HARDHAT.COM and PANGO.COM to read "cracked by Eric Newhouse."
This is ridiculous! Please disregard any programs that you may
come across in the future advertising "copy protection busted by
Eric Newhouse." Pirates are simply trying to discourage me
from publishing this list.
Recently someone asked me why pirates don't rename commercial
files inorder to fool SysOps. They do! For example, AUTODEX
circulates under many different names. Although I will try to
keep all of these names current in the DD, the best way to check
for piracy in a file is to run that file yourself. Check for
(C)opyright notices of commercial manufactures, similarities in
the cosmetics and operations of commercial programs, and of course
whether the name or filesize is in this list.
Finally I want to thank all BBS SysOps and users that have sent
me updates, additions, and/or corrections to DIRTYDOZ.007. It's
great to see so much support! In this issue more people than ever
called in with updates. Everyone else who reads this list, along
with myself, really appreciates the effort!
DEFINITIONS:
*VIRUS* (V) BEWARE!! Especially prevalent in universities
and corporal computers, computer virii can wreak
havoc. They, like biological virii, attack
slowly, originating on one computer and
proliferating with time. Virii infect a
portion of a computer, usually the operating
system. Most virii modify floppy disks
(that may or may not be transported to other
computers), adding diabolical code that
instruct other computers to replicate the virii
for still more computers. In other words, the
floppies become virii themselves; they can be
passed around to other people to create more
virii.
Virii can be programmed to sit dormant for
months before acting, just like some biological
virii (AIDS comes to mind). Users can
unwittingly replicate a virus many times. If
people know how to spot virii, however, they
can usually prevent damage.
Virii generally add their code to COMMAND.COM,
IBMBIO.COM, or IBMSYS.COM. These three files,
which DOS places on every system disk, are the
only files copied to other disks and run on
other machines often enough to do any damage.
If you see the filesizes on these files change,
beware a virus!
For further information on Virii, everyone may
download VIRUS.ARC from my board.
*TROJAN* (T) These programs PURPOSEFULLY damage a user's
system upon their invokation. They almost
always will shoot to disable hard disks,
although they can destroy other equipment too.
It is IMPERATIVE that you let me know about any
new examples of these that you find.
There are more than one way a TROJAN can
disable your hard disk. For a comprehensive
list of examples, please skip to "What to do if
you run a trojan horse" later in this document.
HACKED (H) An unlawfully modified copy of an otherwise
legitimate public domain or user-supported
program. It is illegal to distribute a
modified copy of someone else's work without
their permission! All modified programs must
contain this permission, either in the
program's display or documentation.
*CAUTION* (C) Programs labeled in this manner may or may not
be trojans; the question is unresolved. Use
caution when running these programs!
PIRATED (P) This is an illegal copy of a commercial,
copyrighted program. Examples: a cracked
(de-protected) game, a compiler, editor or
other utility, or a Beta test copy of a program
under development. In the latter case, the
program in question may never make it to market
due to the piracy! In the case of games,
there's a tendency for the pirate to patch a
clumsy "PUBLIC DOMAIN" notice over top of the
original copyright. ZAXXON.COM is a prime
example.
MISC (M) This is miscellaneous illegal software and/or
text. The best definition, aside from that,
that I can think of is that it's NOT pirated
software.
NOTE: If I do not supply a file extension, that means that the
file circulates under many different extensions. For instance,
users commonly upload with extensions of either: .EXE, .COM,
.EQE, .CQM, .LBR, .LQR, and .ARC.
------------------------------------------------------------------
| VIRII |
------------------------------------------------------------------
Name Size Category Notes
------------- ------ - -----------------------------------------
COMMAND.COM ????? V This is a traditional Virus. Originating
in colleges and universities accross the
nation, this virus will embed itself in
COMMAND.COM. Once there it will copy
itself onto FOUR floppies before
scrambling your FAT and initiating a
format. Beware!
------------------------------------------------------------------
| TROJAN HORSE PROGRAMS: |
------------------------------------------------------------------
Name Size Category Notes
------------- ------ - -----------------------------------------
ANTI-PCB T The story behind this trojan horse is
sickening. Apparently one RBBS-PC sysop
and one PC-BOARD sysop started feuding
about which BBS system is better, and in
the end the PC-BOARD sysop wrote a trojan
and uploaded it to the rbbs SysOp under
ANTI-PCB.COM. Of course the RBBS-PC
SysOp ran it, and that led to quite a few
accusations and a big mess in general.
Let's grow up! Every SysOp has the right
to run the type of BBS that they please,
and the fact that a SysOp actually wrote
a trojan intended for another simply
blows my mind.
ALTCTRL.ARC T This program reputedly trashes boot
records. Other than that, I know nothing
about it.
ARC513.EXE T This hacked version of SEA's ARC.EXE
appears normal. However, it writes
over track 0 of your [hard] disk upon
usage, destroying the disk's boot sector.
ARC514.COM T This is completely similar to arc
version 5.13 in that it will overwrite
track 0 (boot sector) of your hard disk.
Also, I have yet to see an .EXE version
of this program..
BACKALLY.COM 64512 T This sophisticated trojan will axe your
FAT table after a couple of months of
usage. Beware the delayed trojan!
Backally MAY only work on floppy disks,
but that sounds unlikely. Debug has
shown that BACKALLY formats a track at
one point as well as reading in the
amount of freespace on your disk. It may
only wipe out full disks, like NOTROJ.
Please, be wary! An included .BAT file
comes with a request for donations to
"SomeWare" located in Frederickburg, VA.
Look out for other products from
SomeWare!
BACKTALK T This once beneficial utility will
write/destroy sectors on your [hard] disk
drive. Use this with caution if you
acquire it, because it's more than likely
that you got a bad copy.
CDIR.COM T This program supposedly gives you a
color directory of files on disk, but it
in fact scrambles your disks FAT
table.
COMPRESS.ARC T This trojan, dated April 1, 1987,
destroys FAT tables. COMPRESS is
executed from a file named RUN-ME.BAT and
is advertised as a 'Shareware 'ARC' from
Borland!'
DANCERS.BAS T This trojan shows some animated dancers
in color, and then proceeds to wipe out
your [hard] disk's FAT table. There is
another perfectly good copy of
DANCERS.BAS on BBS's around the country;
apparently the author altered a
legitimate program to do his dirty work.
DEFENDER.ARC T This trojan both writes to ROM bios and
formats [hard] disks. The Duplicators
claim credit for this trojan; be ware of
other products by them. Also, do not
confuse this trojan with DEFENDER by
Atari. The latter is a pirated program.
DISCACHE.EXE T This program uses direct BIOS routines
to write to disk. Apparently, those BIOS
routines will scramble your FAT table.
Please see DISCACHE.WNG, a file that I'm
looking for myself, for more information.
DISKSCAN.EXE T This was a PC Magazine program to scan a
[hard] disk for bad sectors, but then a
joker edited it to WRITE bad sectors.
Also look for this under other names such
as SCANBAD.EXE and BADDISK.EXE...
DMASTER T This is yet another FAT scrambler..
DOSKNOWS.EXE T I'm still tracking this one down --
apparently someone wrote a FAT killer and
renamed it DOSKNOWS.EXE, so it would be
confused with the real, harmless DOSKNOWS
system-status utility. All I know for
sure is that the REAL DOSKNOWS.EXE is
5376 bytes long. If you see something
called DOSKNOWS that isn't close to that
size, sound the alarm. More info on this
one is welcomed -- a bagged specimen
especially.
DPROTECT T Apparently someone tampered with the
original, legitimate version of DPROTECT
and turned it into a FAT table eater.
DROID.EXE 54272 T This trojan appears under the guise of a
game. You are supposably an architech
that controls futuristic droids in search
of relics. In fact, the program copies
C:\PCBOARD\PCBOARD.DAT to
C:\PCBOARD\HELP\HLPX if PC-Board SysOps
run it from C:\PCBOARD
EGABTR T BEWARE! Description says something like
"improve your EGA display," but when run
it deletes everything in sight and prints
"Arf! Arf! Got you!"
ELEVATOR.ARC T This poorly written trojan suggests in
the documentation that you run it on a
floppy. If you do not run it on a
floppy, Elevator chastises you for not
reading the documentation. Regardless of
what disk you run it on, Elevator will
erase your files. It MAY format disks
too; be careful. One more interesting
point to note: my name is plastered all
over this program; the writers attempt to
lay the blame for this trojan on me.
EMMCACHE ???? C This program is not exactly a trojan,
V. 1.0 but it may havethe capability of
destroying hard disks by:
A) Scrambling every file modified after
running the program,
B) Destroying boot sectors.
This program has damaged at least two
hard disks, yet there is a base of
happily registered users. Therefore, I
advise extreme caution if you decide to
use this program.
FILER.EXE T One SysOp complained a while ago that
this program wiped out his 20 Megabyte
HD. I'm not so sure that he was correct
and/or telling the truth any more. I
have personally tested an excellent file
manager also named FILER.EXE, and it
worked perfectly. Also, many other
SysOp's have written to tell me that they
have like me used a FILER.EXE with no
problems. If you get a program named
FILER.EXE, it is probably allright, but
better to test it first using some
security measures.
FINANCE4.ARC ?????? C This program is not a verified trojan,
but there is a file going around BBS's
warning that it may be trojan. In any
case, execute extreme care with it.
FUTURE.BAS T This "program" starts out with a very
nice color picture (of what I don't know)
and then proceeds to tell you that you
should be using your computer for better
things than games and graphics. After
making that point it trashes your all of
your disk drives, starting with disk A:.
Not only does Future scramble FATs, but
it also erases files. As far as I know,
however, it erases only one sub-directory
tree level deep, thus hard disk users
should only be seriously affected if they
are in the "root" directory. More
information about this is especially
welcome.
MAP T This is another trojan horse written by
the infamous Dorn W. Stickle. I believe
that there are legitimate MAP.EXEs
floating around.
NOTROJ.COM T This "program" is the most sophisticated
trojan horse that I've seen to date. All
outward appearances indicate that the
program is a useful utility used to FIGHT
other trojan horses. Actually, it is a
time bomb that erases any hard disk FAT
table that IT can find, and at the same
time it warns: "another program is
attempting a format, can't abort!" After
erasing the FAT(s), NOTROJ then proceeds
to start a low level format. One extra
thing to note: NOTROJ only damages FULL
hard drives; if a hard disk is under 50%
filled, this program won't touch it! If
you are interested in reading a thorough
report on NOTROJ.COM, James H. Coombes
has written an excellent text file on the
matter named NOTROJ.TXT. If you have
trouble finding it, you can get it from
my board.
TIRED T Another scramble the FAT trojan by Dorn
W. Stickle.
TSRMAP T This program does what it's supposed to
do: give a map outlining the location (in
RAM) of all TSR programs, but it also
erases the boot sector of drive "C:".
PACKDIR T This utility is supposed to "pack" (sort
and optimize) the files on a [hard] disk,
but apparently it scrambles FAT tables.
PCLOCK T This program reputedly destroys FAT
tables! Be careful!
PCW271xx.ARC T A modified version of the popular
PC-WRITE word processor (v. 2.71) has now
scrambled at least 10 FAT tables that I
know of. If you want to download
version 2.71 of PC-WRITE be very careful!
The bogus version can be identified by
its size; it uses 98,274 bytes wheras the
good version uses 98,644. For reference,
version 2.7 of PC-WRITE occupies 98,242
bytes.
QUIKRBBS.COM T This Trojan horse claims that it can
load RBBS-PC's message file into memory
200% faster than normal. What it really
does is copy RBBS-PC.DEF into an ASCII
file named HISCORES.DAT...
QUIKREF T Little is known about this trojan, other
than it scrambles FATS
RCKVIDEO T This is another trojan that does what
it's supposed to do, then wipes out hard
disks. After showing some simple
animation of a rock star ("Madonna," I
think), the program erases every file it
can lay it's hands on. After about a
minute of this, it will create 3 ascii
files that say "You are stupid to
download a video about rock stars," or
something of the like.
SCRNSAVE.COM C I know nothing about this program, but a
user of mine reports that it erases HD's.
SECRET.BAS T BEWARE!! This may be posted with a note
saying it doesn't seem to work, and would
someone please try it. If you do try it,
however, it will format your disks.
SEX-SNOW.ARC T This trojan deletes all of the files
in your directory and creates a gloating
message using those filenames. Ugly.
SIDEWAYS.COM T Be careful with this trojan; there is a
perfectly legitimate version of
SIDEWAYS.EXE circulating. Both the trojan
and the good SIDEWAYS advertise that they
can print sideways, but SIDEWAYS.COM will
trash a [hard] disk's boot sector
instead. The trojan .COM file is about 3
KB, whereas the legitimate .EXE file is
about 30 KB large.
STAR.EXE T Beware RBBS-PC SysOps! This file puts
some stars on the screen while copying
RBBS-PC.DEF to another name that can be
downloaded later!
STRIPES.EXE T Similar to STAR.EXE, this one draws an
American flag (nice touch), while it's
busy copying your RBBS-PC.DEF to another
file (STRIPES.BQS) so Bozo can log in
later, download STRIPES.BQS, and steal
all your passwords. Nice, huh!
TOPDOS T This is a simple high level [hard] disk
formatter. Do not confuse this with the
pirated TOPDOS.COM.
VDIR.COM T This is a disk killer that Jerry
Pournelle wrote about in BYTE Magazine.
I have never seen it, but two users of
mine have.
VISIWORD.ARC C A user of mine called this trojan in
complaining that it destroyed his hard
disk. Other than that, I know nothing
about this program.
------------------------------------------------------------------
| HACKED PROGRAMS: |
------------------------------------------------------------------
| |
| '*' = not verified by program's author |
| |
------------------------------------------------------------------
ARC.COM H Someone keeps running SPACEMAKER or a
similar EXE squeezer on SEA, Inc.'s ARC
archive program, then uploading the
resulting COM file to BBS's without the
author's permission. SEA will NOT
support the COM version, for they
definately do not allow modifying ARC.EXE
in their license agreement.
AUTOMAXX.ARC C This DOS menu-making program comes with
documentation that Marshall Magee, author
of the popular AUTOMENU program, contends
is plagiarized. Marshall believes that
the AUTOMAXX documentation uses exact
phrases from his documentation, and if
this is the case, AUTOMAXX is clearly
illegal. However, as I understand it,
the courts are currently deliberating on
the case, so AUTOMAXX is not currently
illegal. of today. For more information,
please contact Marshall Magee at (404)
446-6611.
DOG102A.COM * H Apparently this is a renamed early
version of DP102A.ARC, a disk optimizer.
One person has reports that it trashes
hard disks that use DOS 3.1 (2KB
clusters).
LIST60 H Vern Buerg's LIST 5.1, patched to read
6.0. Mr. Buerg has released a legitimate
version 6.0 of LIST. Every legit.
version will have a letter in the
filename (e.g. LIST60H.ARC)
LIST799 H Vern Buerg's LIST 5.1, patched to read
7.99.
QMDM110.ARC H This is version 1.09 of Qmodem patched
to read 1.10. There have been rumors of
a worm in 1.10, but I have seen no
evidence of it. Other versions are OK.
------------------------------------------------------------------
| PIRATED PROGRAMS: |
| |
| |
| TYPES: |
| Game (G) -- Recreational Software, usually high Quality |
| Util (U) -- a disk, screen, or general utility |
| Misc (M) -- Miscellaneous (not a game or utility) |
------------------------------------------------------------------
Note: While close to 98%-99% of BBS's that I've seen do NOT
distribute pirated files, the small minority that do slander the
reputations of honest SysOp's nationwide. Unfortunately, 1%-2% of
thousands of BBS's is a sizable number. Over the last couple of
years this 1%-2% has distributed so many files that even the most
conscientious SysOp can hardly hope to recognize all commercial
software.
You may ask: "How can we fight piracy, then?"
SysOp's and users alike must search ALL programs for signals
that can reveal a program as commercial. Look for Copyright
signs. Suspect good games with sparse if any documentation. If
you notice that a program is pirated, calmly inform your local
SysOp's of the menace. In order to beat piracy, we must
communicate!
Name Size Category Notes
------------- ------ -- ----------------------------------------
1DIR.COM PU "The ONE Dir": DOS shell.
21C.EXE PG Blackjack, copyright by IBM
ACUPAINT.ARC 148221 PM PC Paint
ALLEYCAT.COM PU "Alley Cat" - CGA
ALTEREGO.ARC 45???? PG Alter Ego game from Activision
ARCHON.COM PG Electronic Art's Archon.
ARTOFWAR PG Ancient Art of War by Broderbund
AUTODEX PU AUTODEX, file manager
AXX.EXE PU Also AUTODEX
B1-BOMB PG Avalon Hill's B1 Bomber
BATTLE PG Battle Zone
BBCHESS PG Blues Box Chess
BC-QUEST PG Bc's Quest for Tires
BIGMAC.ARC PU Borland's Superkey
BORDERZO.ARC 205824 PG Infocom's Borderzone
BORROWED.ARC PG Borrowed Time
BRUCELEE PG Bruce Lee
BUCK PG Buck Rogers on Planet Zoom
BURGER PG Burgertime
BUSHIDO PG Karate Game by a manufacturer in Canada.
BUZZBAIT PG Buzzard Bait
CALL2ARM PG Call to Arms
CENTIPED PG Be careful with this one. At least two
other legitimate, PD copies of
Centipede are in circulation. The
pirated one is supposedly PUBLIC DOMAIN
BY ATARI. Yeah, Right.
CMASTER.ARC PG Chess Master 2000 by Electronic Arts
COMMANDR.ARC PG Norton Commander
COSMIC PG Cosmic Crusaders
COPYRITE PU Quaid Software's COPYWRITE
COPYWRIT PU Quaid Software's COPYWRITE again
COSMIC PG Cosmic Crusaders again
CROSFIRE.COM PG Crossfire
CRUSH-CC.ARC PG Crush, Crumble & Chomp
DAMBUST.ARC PG Dambusters by Accolade cracked
DEB88.EXE PM DeSmet 'C' debugger
DECATH PG Microsoft's Decathalon
DEFENDER PG Defender, by Atari
DIGDUG.COM PG Dig Dug, also by Atari
DIGDUG.COM PG Dig Dug again
DISKEX PU Quaid's Disk Explorer
DOSHELP.EXE PU This is really Central Point
Software's PC-tools. One special note:
poorly written documentation usually
accompanies this file. In the
documentation ERIC HSU asks for a
monetary contribution to his bbs.
Well, It seems that this was a poor
attempt to damage ERIC HSU's
reputation; Eric is a legitimate SysOp
in the Houston area.
DOSMENU.ARC 208240 PU INTECH'S DOSMENU - Opening screen says
"PC DOS MENU SYSTEM 5.0." - (C) is on
the bottom of the screen.
DOSSHELL PU Autodex again
DRL PG Avalon Hill's "Dnieper River Line."
DIPLOMCY PG Avalon Hill's "Computer Diplomacy" game.
EGADIAG PU Quadram EGA (Quad EGA+) diagnostics.
EINSTIME PU IBM internal utility
EXPLORER.COM PU Quaid Disk Explorer again
EVOLUTIO PG Evolution
F15 PG F-15 Strike Eagle
FIGHTER.ARC PG Sublogic's JET
FILEEASE PU A File manager
FILEMGR PU Filemanager by Lotus Devel. Corp.
FILEMAN.COM 1???? PU Also Filemanager
FINDIT PU IBM internal 'locate a file' utility
FSDEBUG PU IBM's Full Screen Debug program..
GOLDCUP PG Gold Cup championship soccer
GOLF21.ARC PG Golf's Best version 2.1
GREMLINS.COM PG Gremlins
HARDHAT.COM PG Hard Hat Mack
HIGHORBT PG High Orbit (like Star Wars)
HOOP.COM PG One-on-1 by Electronic Arts
ID PU Persyst Ram disk software
IBM21 PG 21c again
IKARI.ARC 210944 PG Ikari Warriors - CGA/EGA, joystick reqd.
IPLTIME.COM PU IBM Internal Clock utility
JBIRD PG Jbirds -- Q-bert Game
JEOPARDY 195??? PG Jeopardy, the game show.
JET PG Jet
JETDRIVE.ARC PU Jet Drive -- copies files quickly
JOUST PG Joust. There is a 6K, PD version
KEYWORKS.ARC PU Keyworks macro program, usu. version 2.0
KOBAYASH.ARC PG Star Trek -- The Kobayashi Alternative
KONG PG Donkey Kong
LIGHTNIN PU Can be either the cache or spell checker
MACE+ PU Paul Mace's MACE+ utilities
MACROS PU Again Superkey - sometimes Prokey
MEDMAG.COM PU Quaid Software's Media Magician
MINER49R.ARC PG Miner '49er
MISSLEC PG Missle command
MONTYS.COM PG Montezuma's Revenge
MOONBUGS PG Moon Bugs
MS PU IBM utility.
MTS PU IBM Multitasker like Double-Dos
MULE PG M.U.L.E -- players is on alien planet
MULTASK PU MTS again
MURDRBY# PG Murder by Numbers by Electroni Arts
MUSICCON PM Music Construction Set, also by EA
NFL.ARC PG Xor's NFL challenge.
NGHTSTLK PG Night Stalker
NICE PM NicePrint - printer controller
NODISK-A.COM PU Central Point software's Nokey
NORTON.COM PU Peter Norton's Utilities
ANORTON.ARC PU Peter Norton's Advanced Utilities
NOVATRON PU Tron light cycles
ONE-ON-1 PG One-on-1 basketball game, again
PATHMIND PU Pathminder, Dos Shell
PC-POOL PG Pool
PC-TOOLS PU Central Point Software's PC-tools
PCBOSS PU DOS shell
PCED PU Pro CED, DOS command line editor
EII PU IBM Personal Editor II
PINCONST PG Pinball Construction Set by EA
POOL.ARC PG PC-POOL again
POPALARM.COM PU Part of POP DOS
POPDOS.ARC PU TSR DOS utilities
PRIME PU Columbia Data Co. hard disk utility.
PROKEY PU Prokey macros program
PROMPRPH PG Star Trek -- The Promethian Prophesy
PSHIFT PU Memory Shift
PSRD.ARC PU IBM utility (redirects PrtSc)
QDOS PU Quick DOS
QUCKDOS PU Quick DOS
QIX PG Qix
RACTER PG Racter
RASTER-B PG Raster Blaster
RE.ARC PG Romantic Encounters at the Dome
RIGHTW PU Right Writer (writing style checker)
ROBOTRON PG Robotron, hacked to read PUBLIC DOMAIN
BY ATARI. Do pirates have any
imagination?
ROGUE.EXE PG Game very similar to the PD: HACK.EXE
ROMANTIC PG Romantic Encounters at the Dome, again
SEADRAG.ARC PG Sea Dragon
SEE PM DeSmet editor
SFX PU Autodex (again!)
SKYRUNER PG Sky Runner, $14.95 game.
SM.COM PU Realia's Spacemaker utility. .EXE->.COM
SMAP PU IBM Internal utility, with the copyright
notice and real author's name replaced
by "Dorn W. Stickle".
SNIPER PG Sniper -- arcade action type game.
SOLOFLT.ARC PG Solo Flight (by SSI?) cracked
SPYHUNT PG Bally's Spy Hunter
STARFLIT.ARC 30???? PG Electronic Art's Star Flight
STARGATE.EXE 57??? PG Hacked to say "PUBLIC DOMAIN BY ATARI,"
but don't you believe it! Be careful
not to confuse this arcade game with
the public domain STARGATE MERCHANT
game, which is a little 12 KB BASIC
program by G. E. Wolfworth.
STRIPKR PG Strip Poker by Artworx
SUBCMDR.ARC PG Gato cracked: SUBCMDR.EXE & overlays
SUPERCAD PM Easy CAD
SUPERCAD.LQR 242660 PM Easy CAD again.
SUPERKEY PM Superkey again
TEMPOFAP PG Temple of Apshai
THEQUEST.BAS/EXE PG The Quest
TIRES.EXE PG Bc's Quest for Tires again
TREASURE PG Pirate's Treasure
TROJAN.ARC 304128 PG Trojan - CGA/EGA, (C) 1987, like D&D.
TWIN.ARC 22784 PU Central Point's Copy II PC
TWINCOPY.ARC 22784 PU Also Copy II PC
ULTIII 111616 PG Origin's Ultima 3
ULTIMA2.ARC 84992 PG Origin's Ultima 2
UTILITY PU Norton's Utilities Arced and with the
file names changed. When run, however,
the programs display the copyright
notice of Peter Norton. Many other
pirated utilities could also go under
the name UTILITY.
VOYAGERI PG Avalon-Hill Game
VS PU Also INTECH'S DOSMENU
WCKARATE PG World Championship Karate by Epyx
WG-BBALL PG World's Greatest Baseball Game by SSI
WGAMES PG World Games by Epyx
WORSTR PU Word Star
XDIR PU Pre-release version of DOS FILE TRACKER
XTREE PU DOS shell
XTREE+ PU Xtree Plus
ZAXXON PG Hacked to say "PUBLIC DOMAIN BY SEGA."
(sound familiar?)
------------------------------------------------------------------
| MISCELLANEOUS ILLEGAL FILES: |
| |
| TYPES: |
| Game (G) -- Recreational software |
| Patch (P) -- Modification to another program usually |
| performed through debug. |
| Text (T) -- Text / Documentation File |
| Util (U) -- Utility of some sort |
------------------------------------------------------------------
Name Size Category Notes
------------- ------ -- ----------------------------------------
COPYWRIT 2??? MP Although the real COPYWRITE is going
around Bulletin Boards like fire, there
is another illegal file under the same
name. The former takes around 40 KB
ARC-ed, whereas this takes about 2 KB.
What I'm referring to is an archive of
1-3 files that explains how to remove
the serial numbers from copywrite. Now
it's allright to "unprotect" a program
for backup purposes, but removing serial
numbers can only lead to piracy.
LOCKPICK MT This is a text file, usually with a
.TXT extension, that casually explains
how to pick locks. This is not
illegal, but it's definitely in
poor taste. It could be used as
evidence against a burglar, though.
MONEY.ARC MT This text file claims that with minimal
MONEY.TXT 11648 effort YOU can become a millionaire.
This text file, as some of you may know,
is simply another chain (pyramid) letter
that is of course illegal. A pyramid
writer sends a letter to four people
requesting money. Then, according to
the pyramid writer's plan, those four
will send letters to four more asking
for money for themselves and the
original writer. Unfortunately when the
chain breaks people lose money. What
one person gains someone else must lose.
That's why this type of letter is
illegal.
MONOPOLY MG This program may or may not infringe
upon Parker Brothers's patent of the
famous boardgame. One of my users
claims that the court sides with Parker
Brothers. Don Gibson, the author
of monopoly, says that he and Parker
Bros. have settled out of court and
Monopoly is 100% legal. I don't know
what to think. If monopoly IS illegal,
however, then so is PCOTHELO.ARC
(Othello) and a few other boardgames
that are circulating on BBS's. Someone,
PLEASE! Let me know what the status on
monopoly is. Until proven otherwise,
Monopoly is LEGAL.
MOVBASIC or MU This highly illegal file breaks IBM's
SBASICA or copyright on BASIC and
BASICA. It SBASIC creates new files
called SBASIC or SBASICA that run "IBM
BASIC" on an IBM clone. C'mon, don't
you think that these clones don't run
IBM BASICA for a good reason? The
clones don't support BASICA because it's
illegal! This file comes with Alloy's
PC-Slave card. Alloy has a license
agreement, and users of the PC-Slave are
allowed to create copies of IBM BASIC
for themselves. NO ONE ELSE IS. Stop
complaining that this file is legal,
people; this is one of the more blatent
cases of piracy that I've seen.
XTALK MP Like Copywrite, there is a patch
circulating BBS's to remove the serial
numbers from Crosstalk.
------------------------------------------------------------------
| Many thanks for updates to version 7.0 from: |
------------------------------------------------------------------
| |
| 1. THE SOURCE information service. |
| 2. Mark Garvin |
| 3. Robert Ready |
| 4. Michael Part |
| 5. Kevin Ennis |
| 6. Laura Conlin |
| 7. Steve Ekwall |
| 8. Tom Bothwell |
| 9. PJ Ponder |
| 10. Bob Stein |
| 11. Oli Karpathy |
| 12. Paul Halpern |
| 13. Dave Manning |
| 14. Linda Thompson |
| 15. Greg Cook |
| 16. Vince Liesenfeld |
| 17. Terry Gefael |
| 18. You? |
| |
------------------------------------------------------------------
This is the end of the "bad files list." The rest of this
document contains instructions on what to do if YOU run a trojan
horse, an update history, a glossary, and information on how and
where to contact me with updates.
------------------------------------------------------------------
| If you run a trojan horse.. |
------------------------------------------------------------------
While reading this, bear in mind that there is no better remedy
for a drive that has run a trojan horse than a recent backup..
AARGH! Perhaps your hard disk sounds like a sick moose. Perhaps
your drive light starts flashing repeatedly, like a police car's
lights. Perhaps your drive just sits in the computer, and the
computer doesn't acknowledge its presence.
Having watched my drive crash many times, I can understand the
frustration you will feel after your hard disk conks out. While a
faulty hard drive, disk controller, or cable can make these
ailments uncurable without spending a lot of money, usually you
CAN recover from a trojan horse with only investing a little time.
After running a trojan horse, the first thing to do is calm down.
Face the situation stoicly; it may prevent your hair from turning
gray. Diagnose the damage. Was your [hard] drive formatted?
Did the trojan scramble your FAT table? Did it erase every file?
Did it erase or format your [hard] drive's boot sector? The odds
are that the trojan incurred one of these four disasters.. After
a successful diagnosis, you are ready to remedy the problem.
1) If the trojan low-level formatted your [hard] disk:
Hope that you have a recent backup; that's the only remedy
for this disease.
2) If the trojan high-level formatted your [hard] disk:
About a year ago Paul Mace introduced a way to recover
formatted data. Unfortunately, most programs can only
recover formatted data COMPLETELY if you run a "snapshot"
program right before the format. The reason: DOS
fragments large files and without an accurate map of the
formatted disk, unformatters have problems dealing with
such files. You will need one of these three programs to
recover your disk if the trojan formatted it:
1. PC-Tools (Central Point, $79.95 retail)
2. Mace+ Utilities (Paul Mace $99.95 retail)
3. Advanced Norton Utilities (Peter Norton, $150.00
retail)
There is at least one other program that can unformat
disks, but the name of it is slipping my mind. As of this
printing, PC-Tools probably has the best unformatter. It
can reputedly reconstruct formatted disks regardless of
the disks state of fragmentation. PC-Tools may not be
right for your other disk management needs, however, so
you should talk to a salesmen about these products before
making a purchase.
3) If the trojan scrambled your FAT table:
Sector editors such as those included in the Norton
Utililites, PC-Tools, and a host of other popular utility
packages (not Mace+) allow experienced users to piece
their FAT backtogether from Gibberish. This avenue of
recovery is only open to extremely proficient users,
however. Everyone else, including myself, must rely on a
FAT backup program to provide a feeling of security.
FATBACK.COM (available on my board) will back up your FAT
table in under a minute to floppy. FATBACK makes FAT
backup easy and non time consuming.
4) If the trojan erased file(s), and the FAT table is
undamaged:
There are many commercial and public domain packages
available that undelete deleted files. Norton Utilities,
PC-Tools, MACE+, and UNDEL.COM will all do the job. The
commercial products are all more reliable in undeleting,
but they are also more expensive that the Public-Domain
UNDEL. Always undelete your most recent files first; that
is, undelete files in the order of last time written to
disk. I know that PC-Tools automatically lists
undeletable files in the correct order, but the other
three may not.
5) If the boot sector on your hard disk gets
erased/formatted:
There are four things to do if this happens, and the
worst that can happen is that you will go without a hard
disk for a while. Backup before proceeding with any of
the steps here, for you may have to destroy some files to
restore your hard disk to boot status.
A) Try doing a "SYS C:" (or "SYS A:") from your
original DOS disk. Then copy COMMAND.COM back onto
the hard drive. If your hard drive still won't boot
then try step B.
B) If you have the MACE+ utilities go to the "other
utilities" section and "restore boot sector." This
should do the job if you have been using MACE+
correctly.
C) If you are still stuck, BACK EVERYTHING UP and
proceed to do a low level format. Instructions on
how to perform a low-level format should come with
your hard disk controller card. Be sure to map out
bad sectors using either SCAV.COM by Chris Dunford
or by manually entering the locations of bad sectors
into the low level format program. After the low
level format run FDISK.COM (it comes with DOS) to
create a DOS partition. Refer to your DOS manual
for help in using FDISK. Then put your original DOS
diskette in drive A: and type FORMAT <drive
letter>:/S/V. <Drive letter> represents the letter
of the disk you are formatting. Try rebooting
again.
D) If you are still stuck, either employ some
professional computer repairmen to fix your drive,
or live with a non-bootable hard drive..
------------------------------------------------------------------
| Update History: |
------------------------------------------------------------------
Version 1.0 Tom Neff enters a dozen "bad" files in the
initial "dirty dozen."
Version 2.0 Sees the addition of a short introduction and 3
more files. Again, I play no role in this
version.
Version 3.0 I write version 3.0. Tom Neff appears to have
lost interest in the DDoz, so I take over. I
add 22 files and completely rewrite the
introduction. Version 3.0 has a total of 37
files.
Version 4.0 I add another 30 or so files to the list,
making the DDoz 65+ files strong, as well as
adding a few paragraphs to the introduction.
Version 5.0 By the time I release version 5.0 to the
public, the Dirty Dozen is being greeted
favorably and with enthusiasm around the
country. Updates start coming in with
regularity; the list prospers (if one can say
that about a list!). I add a few more
paragraphs to the introduction and about 40 new
files bringing the file total up to 103!
Version 6.0 The Dirty Dozen is now such a big project that
I am now writing it in stages. Although I am
going to make absolutely no effort to spread
these "intermediate versions," they will always
be downloadable from my board. This way
everyone can keep an extremely current, if only
minorly modified, issue of the DD. You might
think of stage "a" of issue #6 as version 6.1,
stage "b" as version 6.2, stage "c" as version
6.3, etc.
New in version 6.0 is the following:
A) Many minor revisions,
B) 17 more files, bringing the total to
120!
C) Two new paragraphs in the introduction,
D) Instructions on how to recover from a
trojan horse,
E) A comprehensive glossary,
F) This update history,
G) An acknowledgments section set up for
major contributors of information
regarding new bogusware
H) A new bogusware catagory of
"miscellaneous illegal software."
Version 7.0 The major changes in this version take place
in the revision stages. From 6.0a to 6.0l I
add fifteen trojan horses, six commercial
programs, two miscellanous files, and two
hacked programs. I also rewrite part of the
introduction, adding a paragraph, and I augment
the glossary at the end of this document.
While 6.0l contains a good deal of version 7.0;
however, version 7.0 is considerably different
than 6.0l. For example, I add seventeen new
pirated programs, bringing the file total to a
whopping 165! Moreover, I rewrite virtually
every paragraph in order to 'stylize' (clean up
the writing in) the document.
Once again I would like to thank all users who
called in updates to the Dirty Dozen; such
users encourage me to keep maintaining the
dirty dozen!
Version 8.0 One of my hard disks has been down for about
six months. Unfortunately version 8.0 was
ready for release RIGHT before the hard disk
crash, and, naturally, the new version was on
the busted HD un-backed-up. Finally I've taken
the time (about 50 hours) to just sit down and
work with the Dirty Dozen. I feel guilty that
I've held back the DDoz for so long, but
fortunately until recently there have been NO
trojan horses to report. In anycase, I have
modified v. 7.0 of the Dirty Dozen extensively;
changes include:
1) New illegal software category: VIRUS.
Virii are potentially more dangerous than
trojan horses.
2) New illegal software category: CAREFUL
These file are suspect; excercise caution
when running these unverified programs.
3) All paragraphs rewritten. There were
quite a few cases of ambiguity in version 7.0;
now I hope to have eliminated those cases.
4) New Field added for filesize. One of
these days trojan horse authors will think and
start uploading old trojans using new
filenames. To combat this possibility, the
Dirty Dozen now holds a filesize for EVERY new
file added. This way you can crossreference
file descriptions and filesizes to nip a trojan
in the bud.
5) The Dirty Dozen is now printable. The
right margin is now 66, so all printers should
be able to print the DDoz without printing off
the right side of the paper.
6) 1 new Virus added.
7) 9 New Trojan Horses added
8) 22 New Pirated programs added
9) 0 New Hacked programs added
10) 2 New Miscellaneous files added
11) 1 New Careful file added
12) Glossary Update
Total bad files listed: 200
Note: I still have quite a few pirated files to add,
but in the interest of warning YOU of all the new trojans recently
released, I will hold those pirated files off for version 8.0a.
Dates of release:
Version 1.0 -- October 20, 1985.
Version 2.0 --
Version 3.0 --
Version 4.0 --
Version 5.0 --
Version 6.0 --
Version 7.0 -- January 3, 1987.
Version 8.0 -- February 5, 1988.
------------------------------------------------------------------
| Glossary: |
------------------------------------------------------------------
| |
| This glossary is for the beginning to intermediate level |
| user. Experienced users can skip this with confidence. All |
| users should use this as a reference since this material makes |
| for exceptionally droll. reading. |
| |
------------------------------------------------------------------
?Q? -- ('?' represents any character) File extension for
SQueezed files. Squeezed files are unusable until
unsqueezed by a utility such as NUSQ.COM or
USQ.COM. The advantage of a SQueezed file is that
it is smaller than a regular UnSQueezed file,
thus saving disk space and download time.
ARChives are more efficient than Squeezed files;
that's why there are so many more ARChives on
BBS's these days. Example of the extensions of
SQueezed files: .EQE, .CQM, .LQR, .TQT, .DQC,
etc.
ABBRV -- Abbreviation for the word: "abbreviation"
ARC -- File extension for an ARChive file -- many files
combined together to save space and download time
that require ARC.EXE, PKXARC.COM, ARCE.COM, or
ARCLS.EXE to separate the files in to runnable and
readable (in the case of text) form.
BAS -- Abbrv for "BASIC," as in the programming language
BBS -- Abbrv for "Bulletin Board System"
BBS's -- Abbrv for "Bulletin Board Systems"
BOARD -- Also "Bulletin Board System"
BOGUSWARE -- Software that is damaging to one or more parties
BOOT or -- To boot a computer is to restart it from scratch,
REBOOT erasing all TSR programs. One reboots by either
powering off and then back on, or pressing
Ctrl-Alt-Del at the same time.
BYTES -- Bytes measure the length of a file, with one byte
equaling one character in a file.
CACHE [disk] -- Area of memory set aside to hold recent data. All
programs then read recent data from that memory
rather than from disk.
CLUSTER -- A phyical block on all [hard] disks, composed of
sectors, that holds data.
COM -- File extension for a file that is executable from
DOS level
DD -- Abbrv for "dirty dozen"
DEBUG -- Either (V) to remove glitches in a program or (N)
the assembly language editor/compiler/disassembler
provided with DOS
DOC -- Abbrv for "documentation"
EMS -- Enhanced Memory Specification. An EMS card holds 2
MB extra mem.
EXE -- file extension for a file that is executable from
DOS level
FRAGMENT -- DOS physically saves files all over disks-not
continously this slows down drives and cause
problems for recovering deleted files or formatted
disks.
HACKED -- See "definitions" section
HIGH LEVEL
FORMAT -- This type of format is what most computer users
view as a regular DOS-format. That is, formatting
a disk using FORMAT.COM (included with DOS) is a
high level format.
IBM -- International Business Machines
IBM OR COMP -- IBM computer or a 99% or greater IBM Compatible
computer
KB -- Abbreviation for "KiloBytes," one Kb equals 1024
bytes
LBR -- Extension on Library files. Library files are
really many combined files like ARChives, but they
require different utilities to extract the
individual files. Some examples of such utilities
are LUU.EXE, LUE.EXE, LAR.EXE, AND ZIP.EXE. See
"ARC"
LOW LEVEL
FORMAT -- This type of format is only executed on a hard
disk, therefore most hard disk low-level format
programs come only with a hard disk controller
card. There are a few PD low-level formatting
packages, though. Most manufacturers low-level
format their hard drives at the factory. Low
level formatting is the first step in the three
part formatting process; the second step is to use
FDISK, and the third is to execute a high level
format.
MB -- Abbrv for "Megabytes," or "millions of bytes."
MISC -- Abbrv for "miscellaneous"
OPTIMIZE -- To make all files on a disk "contiguous," or
physically linked together on a [hard] drive.
PATCH -- A file that is patched (combined) into another
file to change the original file in some way
PD -- Abbrv for "Public Domain"
PKXARC -- Phil Katz's ARChive extracter
PIRATED -- See DEFINITIONS section in this issue.
RAM -- Abbrv for "Random Access Memory." (memory used by
software)
RBBS -- Abbrv for RBBS-PC, a type of BBS (Remote Bulletin
Board System)
ROM -- Abbrv for "Read Only Memory." (memory used by
hardware to boot)
SQUASHING -- File compression technique used by PKXARC but not
by SEA's ARC.EXE
SYSOP -- SYStem OPerator of a BBS
TROJAN -- See DEFINITIONS section in this issue.
TROJAN HORSE -- See DEFINITIONS section in this issue.
TSR -- Abbv for "Terminate, Stay Resident" Synonym =
"Memory Resident"
TXT -- Abbrv for "text"
USU -- Abbrv for "usually"
UNP -- Abbrv for "unprotect"
UNPROTECT -- An "unprotect file" is a patch file that results
in the breaking of copy protection (no doubt for
back up purposes).
UTIL -- abbrv for "utility"
VIRUS -- See definition section
WORM -- Trojan Horse
------------------------------------------------------------------
| Finally: |
------------------------------------------------------------------
If you have any additions or corrections for this list, send them
to Eric Newhouse at any of the following places. Please be sure
to leave the problem file name, size, and description. Please
note that the West LA PC-Store is currently DOWN. Thank You.
(in order of most frequented):
* The Crest RBBS/CAMS (213-471-2518) (1200/2400)
(160/50 MB) [ This is my board ]
D * The West LA PC-STORE (213-559-6954) (300/1200/2400)
(50 MB)
* The Up/Down PC-Board (213-398-5759) (300/1200)
(20 MB)
* The Source (leave E-mail to "Doctor File Finder" in IBM SIG
#4) Doctor File Finder (Mike Callahan) will
relay your name and update information to me.
-----------------------------------------------------------------
END.
|
|
