💾 Archived View for gemini.spam.works › mirrors › textfiles › hacking › hack9301.rpt captured on 2023-01-29 at 07:44:25.

View Raw

More Information

⬅️ Previous capture (2021-12-04)

-=-=-=-=-=-=-

  =========================================================================
                                    ||
  From the files of The Hack Squad: ||  by Lee Jackson, Co-Moderator,
                                    ||  FidoNet International Echo SHAREWRE
          The Hack Report           ||  Volume 2, Number 1
         for January, 1993          ||  Report Date: January 3, 1993
                                    ||
  =========================================================================

  Welcome to the first 1993 issue of The Hack Report.  This is a series
  of reports that aim to help all users of files found on BBSs avoid
  fraudulent programs, and is presented as a free public service by the
  FidoNet International Shareware Echo and the author of the report, Lee
  Jackson (FidoNet 1:382/95).

  This issue begins a brand new year for us here at Hack Central Station.
  As you will soon note, this report is quite a bit shorter that the last
  1992 issue.  This is due to all previously reported (and confirmed) files
  being removed from the list:  they are still listed in the file
  HACK92FA.RPT, which comes with the archive version of this report.  Only
  unsettled/unconfirmed listings from last year's issues are carried over.
  If you have a copy of the December report, please don't delete it, since
  you'll need it as a reference to previously reported files.

  There are quite a few important listings this time around, including a
  clarification of a file that has caused quite a bit of work for your Hack
  Squad.  Thanks to everyone who has helped put this report together, and
  to those that have sent in comments and suggestions.

  NOTE TO SYSOPS: The Hack Report may be freely posted as a bulletin on
  your BBS, subject to these conditions:

             1) the latest version is used,
             2) it is posted in its entirety, and
             3) it is not altered in any way.

  NOTE TO OTHER READERS: The Hack Report (file version) may be freely
  uploaded to any BBS, subject to the above conditions, and only if you do
  not change the filename.  You may convert the archive type as you wish,
  but please leave the filename in its original HACK????.* format.  The
  Hack Report may also be cross-posted in other networks (with the
  permission of the other network) as long as it meets the above conditions
  and you give appropriate credit to the FidoNet International Shareware
  Echo (and the author <g>).

  The idea is to make this information available freely.  However, please
  don't cut out the disclaimers and other information if you use it, or
  confuse the issue by spreading the file under different names.  Thanks!

  DISCLAIMER: The listings of Official Versions are not a guarantee of the
  files' safety or fitness for use.  Someone out there might just be
  sick-minded enough to upload a Trojan with an "official" file name, so
  >scan everything you download<!!!  The author of this report will not be
  responsible for any damage to any system caused by the programs listed as
  Official Versions, or by anything using the name of an Official Version.

  *************************************************************************

                    Much Ado about Telix - an Editorial

  Before we begin this month's carnage and mayhem, please allow me to clear
  up a question that has just about resulted in the total weardown of your
  Hack Squad's keyboard.

  When the December issue of The Hack Report was written, the latest
  official release of Telix was version 3.15, which still carried the Exis
  trademark.  At that time, the new owners of Telix, deltaComm, were in the
  process of beta testing a shareware upgrade to their program.  Since it
  is the official policy of this report not to advertise upcoming releases,
  and since the version number was not known to this reporter, the pending
  upgrade was not mentioned in the report.

  Within a week after the December issue came out, deltaComm released their
  upgrade.  They chose 3.20 as the new version number, which is (of course)
  their legal right.  Unfortunately, this happened to coincide with a
  previously reported hacked version number, which was listed in the
  December issue.

  Of course, the result of this was that there were many questions sent to
  Hack Central Station, all asking for confirmation of this new Telix that
  had been uploaded to the questioners' BBS systems, or seen on the
  questioners' favorite boards.  The response to all questions was the
  same:  the new version is legitimate, as long as it has deltaComm's logo
  and a release date of either December 10th or December 14th, 1992.

  This incident is entirely my fault:  it is my responsibility, as author
  of The Hack Report, to stay up to date on the latest official versions of
  files listed in this report.  I apologize for the inconvenience and
  uncertainty that this has caused, and I hope that all of you, as readers
  of this report, can forgive the oversight of a tired (and slightly
  underpaid <g>) reporter.

  =========================================================================

                              Hacked Programs

  Here are the latest versions of some programs known to have hacked copies
  floating around.  Archive names are listed when known, along with the
  person who reported the fraud (thanks from us all!).

   Program              Hack(s)            Latest Official Version
   -------              -------            -----------------------
   BNU FOSSIL Driver    BNU202                     BNU170
      Reported By: Amauty Lambrecht (2:291/712)    (not counting betas)
|                       BNU188B
|     Reported By: David Nugent (3:632/348),
                    Author of BNU

|  F-Prot Virus Scanner FP-205B                    FP-206B
|     Reported By: Bill Lambdin (1:343/45)

   PKLite               PKLTE201                   PKL115
|     Reported By: Wen-Chung Wu (1:102/342)

   PKZip                PKZ301                     PKZIP110
|     Reported By: Mark Dudley (1:3612/601)
|                  Jon Grimes (1:104/332)


|  Shez                 SHEZ72A                    SHEZ83
                        SHEZ73
      Reported By: Bill Lambdin (1:343/45)


|  Telix                Telix v3.20                TLX320-1
|                        (Prior to Dec. 1992)      TLX320-2
|                       Telix v3.25                TLX320-3
|     Reported By: Brian C. Blad (1:114/107)       TLX320-4
                   Peter Kirn (WildNet, via
                                 Ken Whiton)
                        Telix v4.00
                        Telix v4.15
      Reported By: Barry Bryan (1:370/70)
                        Telix v4.25
      Reported By: Daniel Zuck (2:247/30, via Chris
                    Lueders (2:241/5306.1)
                        MegaTelix
      Verified By Jeff Woods, deltaComm, Inc.
|       Please Note - the 3.20 release dated either December 10th
|       or December 14th, 1992, is legitimate:  any earlier file
|       calling itself v3.20 and carrying an Exis, Inc. trademark
|       is not legitimate.  Please thoroughly check your version
|       prior to sending questions to this reporter! <g>
                        Telix Pro
     Reported By: Jason Engebretson (1:114/36),
                   in the FidoNet TELIX echo

  =========================================================================

                                Hoax Alert:

| HW Mikael Winterkvist received a program from Kai Sundren (2:201/150)
| called RAOPT.  This file, which claims to "optimize" your RemoteAccess
| BBS files, appears to do nothing except read your USERS.BBS file and
| report how many users it has read.  The program itself says it should be
| run twice.  I don't know if Mikael did this, but I hope he didn't.
|
| The program contains a copyright for Continental Software and a version
| number of 1.11.  It also asks for registration.
|
| Mikael asked the author of RemoteAccess, Andrew Milner, whether or not
| the program was legitimate.  Andrew's response was a resounding No.  So,
| even though the file doesn't appear to do anything destructive, your Hack
| Squad advises you to delete it if you see it.


| Last year, a warning about a virus called PROTO-T was widely circulated.
| The message warned that the virus had the ability to hide in the RAM of
| VGA cards, hard disks, and "possibly, in modem buffers." It went on to
| warn that the virus was placed in two files:  one called "TEMPLE," and in
| a hack of PKZip, version "3.x".
|
| Your Hack Squad managed to obtain a copy of the hack of PKZip, PKZ305,
| and sent it to Bill Logan and Jeff White of the Pueblo Group for testing.
| Here, now, is the result of their efforts:
|
| Report for possible hack file PKZ305
|
|   Filename: PKZ305.EXE
|   Filesize: 110187
|   Filedate: 9-10-92
|   Filetime: 5:25p
|
|   =====================================================================
|
|   Contents of PKZ305.EXE:
|
|   PKSFX (R)   FAST!   Self Extract Utility   Version 1.1   03-15-90
|   Copr. 1989-1990 PKWARE Inc. All Rights Reserved. PKSFX/h for help
|   PKSFZ Reg. U.S. Pat. and Tm. Off.
|
|   Searching EXE: C:/VIRUS/PKZ305.EXE
|     Exploding: WHATSNEW.305  -AV
|     Exploding: OMBUDSMN.ASP  -AV
|     Exploding: ADDENDUM.DOC  -AV
|     Exploding: BENCH.DOC     -AV
|     Exploding: DEDICATE.DOC  -AV
|     Exploding: LICENSE.DOC   -AV
|     Exploding: MANUAL.DOC    -AV
|     Exploding: ORDER.DOC     -AV
|     Exploding: README.DOC    -AV
|     Exploding: PKUNZIP.EXE   -AV
|     Exploding: PKZIP.EXE     -AV
|     Exploding: AUTHVERI.FRM  -AV
|     Exploding: APPNOTE.TXT   -AV
|
|   Authentic files Verified!   # GPI257   PKWARE Inc.
|   Thank you for using PKWARE!  PKWARE Support BBS (414) 352-7176
|   If The -AV Code Is Not GPI257, Then You Have Downloaded A Hack Version
|   ======================================================================
|
|   CRC Results:
|
|   Searching ZIP: PKZ305.EXE
|
|    Length  Size  Ratio   Date    Time    CRC-32  Attr  Name
|    ======  ===== =====   ====    ====   ======== ====  ====
|      1094    727  34%  09-10-92  17:25  75959145 --w-  WHATSNEW.305
|       595    442  26%  09-10-92  17:25  167904ac --w-  OMBUDSMN.ASP
|      5487   2039  63%  09-10-92  17:25  af094473 --w-  ADDENDUM.DOC
|       908    621  32%  09-10-92  17:25  e0ed85ab --w-  BENCH.DOC
|       720    434  40%  09-10-92  17:25  253e799b --w-  DEDICATE.DOC
|      9366   3228  66%  09-10-92  17:25  c917b5c2 --w-  LICENSE.DOC
|    140642  34426  76%  09-10-92  17:25  4e0e8078 --w-  MANUAL.DOC
|      4701   1464  69%  09-10-92  17:25  6e20e127 --w-  ORDER.DOC
|       801    526  35%  09-10-92  17:25  191b5ddf --w-  README.DOC
|     27908  18815  33%  09-10-92  17:25  b86b40de --w-  PKUNZIP.EXE
|     35934  23943  34%  09-10-92  17:25  bcac5c03 --w-  PKZIP.EXE
|      1748    866  51%  09-10-92  17:25  fc23095e --w-  AUTHVERI.FRM
|     25811   8390  68%  09-10-92  17:25  4f35b70d --w-  APPNOTE.TXT
|    ====== ======  ===                                  =======
|    255715  95921  63%                                       13
|
|   ======================================================================
|
|   Results of ViruScan:
|
|   SCAN /NOMEM *.EXE
|
|   SCAN 8.9B97 Copyright 1989-92 by McAfee Associates.  (408) 988-3832
|   Scanning for known viruses.
|
|   Directory C:. contains 3 files.
|
|    No viruses found
|
|   SCAN 8.9B97 Copyright 1989-92 by McAfee Associates.  (408) 988-3832
|
|   =====================================================================
|
|   Compression test of PKZ305:
|
|   Compression of PKZ305 was comparable to PKZ193A
|
|   =====================================================================
|
|   Memory report:
|
|   The test machine had 655360 bytes total memory
|
|   Available memory remained at 583312 bytes free before and after
|   testing
|
|   =====================================================================
|
|   File activity:
|
|   Using DISKMON, the only files PKZ305 affected were the test
|   compression files (i.e., the ZIP file ZIPed and UNZIPed)
|
|   =====================================================================
|
|   Trojan activity:
|
|   None
|
|   =====================================================================
|
|   Virus activity:
|
|   VSHIELD loaded prior to testing, with no virus activity reported.
|   Complete scan of drive after test showed nothing.
|
|   =====================================================================
|
| So, this would seem to confirm earlier findings by Bill Lambdin that the
| hack of PKZip was nothing more than a hack.  Please note, however, that
| human nature has reigned supreme here - there are apparently 3 different
| viruses in circulation calling themselves Proto-T now.  None exhibit the
| behaviour described in the hoax warning, though.

  =========================================================================

                              The Trojan Wars

  The Trojan writers seem to have had a problem with RemoteAccess BBS
  systems last month, since several of the reported files were aimed at RA
  users.  To see what happened, read on.


| Frans Hagelaars (2:512/2) posted a message in several echos last month
| concerning a Trojan version of the Blue Wave Offline Mail Reader that had
| been circulating in his area.  According to the warning, the "hacked"
| version attacks your hard drive boot sector and partition table, and will
| then "play tricks" with RemoteAccess userlists and phone numbers.
|
| The filename of this version was not given in the report, nor was it made
| clear whether the BBS door or the Reader was involved.  If you have any
| questions about the security of your copy, remember that you can always
| obtain a safe copy from the BBS of the author, George Hatchew, at FidoNet
| address 1:2240/176, phone number 1-313-743-8464, or from any of the
| official distribution sites (which I believe are listed in the
| documentation for the program).


| Sylvain Simard sent a file to Hack Central Station called RAFIX.  The
| documentation of the file claims to fix "little bugs" in RemoteAccess BBS
| systems.  I looked inside the file with a hex editor and found the string
| "COMMAND /C FORMAT C:".  It would appear that the program intends to do
| more than fix your BBS.


| Michael Toth (1:115/220) forwards a report from David Gibbs, posted in
| his local Net115 SysOps Forum, concerning a file called ROLEX.  The copy
| which David obtained contained the Keypress [Key] virus, according to
| McAfee's ViruScan.  Probably an isolated incident, but be aware that such
| a file exists.


| Bill Dirks (1:385/17) has confirmed the sighting of the VGA BBS Ad Trojan
| reported by Stephen Furness (1:163/273).  Stephen saw the file under the
| name RUNME.  Bill reports it under the name ANSISCR, but containing the
| files RUNME.BAT, LOAD1.ANS, VGAC1.DAT, and VGAPAK.EXE.
|
| The batch file types out the LOAD1.ANS file, which contains a bit of
| profanity, and then renames VGAC1.DAT to VGAC1.BAT and runs it.  This
| apparently invokes VGAPAK.EXE, which is a self-extracting archive that
| contains the Yankee Doodle and AntiChrist viruses, among other things.
| It then does quite a few other surprises, eventually winding up by
| trashing your hard drive, a possibly non-functional keyboard, and a
| couple of viruses on your system.
|
| This is a very elaborate Trojan, in that most of the activity can't be
| detected until you reboot your system and see its results.  As Bill
| rightly says, "this isn't a very nice little program...."


| Another report from Bill Dirks involves an ANSI bomb called MUVBACK.  The
| file is described as a keyboard utility "similar to Doskey."  The bomb
| reprograms the D key of your keyboard to invoke DEBUG.  It feeds a script
| file to DEBUG which creates two short .com files:  due to a bug in the
| script, only one of them, EAT-ME.COM, actually works.  This new program
| overwrites the first 500 sectors of your hard drive.  If you press the
| spacebar instead of the D key, your system locks due to the bug in the
| script.  Bill also says the file contains a text file called ALAMER.TXT,
| written in German.  Quite ingenious, and also quite nasty.


| Rich Veraa (1:135/907) forwards a report by Victor Padron (1:3609/14) of
| yet another ANSI bomb, called REAPER.ANS.  The file, when typed at the
| DOS prompt (an if an ANSI driver which allows key redefinition is
| installed), turns your keyboard into an insult generator, attempts to
| format your hard drive by invoking the FORMAT program, and deletes files.
| In Victor's case, it deleted the files in his BBS directory.
|
| ANSI bombs are quite nasty when they have access to an ANSI driver, such
| as ANSI.SYS (supplied with most DOS releases), which allows the user to
| redefine their keyboard.  The bomb will take advantage of this and cause
| common keystrokes to be remapped to destructive commands.
|
| They can be thwarted in most cases by using an ANSI driver which either
| does not allow key redefinition, or which allows this feature to be
| disabled by the user.  ZANSI, NANSI.SYS, NNANSI.COM, and ANSIPlus are a
| few such drivers which your Hack Squad is aware of.  Also available is a
| driver called PKSFANSI, from PKWare, which works in tandem with any ANSI
| driver and traps out attempts to remap your keyboard.


| HW Nemrod Kedem received a file from a user called SPEED, which was
| described as a program to "check your PC speed."  Here's the file info:
|
|    FileName       Size       Date       Time    Attr    CRC-32
|   =========      ======   ===========  ======   ====   ========
|   SPEED.EXE        3134   23-Dec-1992   18:30   ...A   1E0AA3D7
|
| This program displayed the following on the screen when run:
|
|   Please wait while SystemDisk is checking for directories in disk...
|
|   @ECHO.
|
| ...and then proceeded to delete all files on drive C:, including
| directories.  Avoid this if you see it.


| Mike Wenthold (1:271/47) sent in a couple of reports.  The first involves
| a file called REDFOX, which is batch file that deletes all DOS and system
| files.  The second involves LOGIM613, which appears to be some sort of
| mouse driver package (I can't verify if it is a Logitech driver, even if
| the archive has LOGI as part of its name).  This probable isolated
| incident contains a file, MOUSE.COM, dated May 22, 1992, and 40681 bytes
| in size, which is infected with the VCL virus (according to McAfee's
| ViruScan v95).

  =========================================================================

                        Pirated Commercial Software

  Program                 Archive Name(s)     Reported By
  -------                 ---------------     -----------
| Psion Chess             3D-CHESS            Matt Farrenkopf (1:105/376)

| Battle Chess            CHESS               Ron Mahan (1:123/61)

| Commander Keen          _1KEEN5             Scott Wunsch (1:140/23.1701)
|  (part 5)

| Darkside (game)         DARKSIDE            Ralph Busch (1:153/9)

| F-Prot Professional     FP206SF             Mikko Hypponen
|                                              (mikko.hypponen@compart.fi)

| Over the Net            OTNINC1             Tim Sitzler (1:206/2708)
|  (volleyball game)

| Rack 'Em (game)         RACKEM              Ruth Lee (1:106/5352)

| SimCity (by Maxis)      SIMCTYSW            Scott Wunsch

  =========================================================================

                      ?????Questionable Programs?????

| First, a quick note - this section, along with the Information, Please
| section, are the only ones that have any information carried over from
| the 1992 report.  This is because many of the listings in these sections
| were not completely resolved when the last 1992 issue was published.  As
| usual, if anyone has any additional information on anything listed in
| these sections, _please_ help!


| HW Ken Whiton forwards messages from Harold Stein, Gary Rambo, and Gwen
| Barnes of Mustang Software, Inc., about a "patch" program aimed at
| OffLine Xpress (OLX) v1.0.  The patch is supposed to allow OLX to
| read and reply to Blue Wave packets, along with a lot of other seemingly
| unbelievable feats.  Gwen Barnes did not seem to know of the patch, but
| published the following advice in the WildNet SLMROLX conference to
| anyone considering trying it:
|
|   1. Make a complete backup of your system.
|   2. Make sure you've got all the latest SCAN stuff from McAfee
|   3. Try it, keeping in mind that it more than likely does nothing
|      at all, or is a trojan that will hose your system.
|   4. Get ready to re-format and restore from backups if this is in
|      fact the case.
|
| No filename was given for this patch.  If anyone runs across a copy of
| it, please contact one of The HackWatchers or myself so that we can
| forward a copy to MSI for testing.


| Another message forwarded to Ken by Harold, this time from Brent Lynch in
| the WildNet GAMES Conference, concerns a game under the filename SF2BETA.
| I believe Brent is referring to the game Stick Fighter II (or Street
| Fighter II), which has received considerable discussion in the FidoNet
| PDREVIEW and SHAREWRE echos.
|
| Brent implies that the game is by a company called Capcom, and says that
| while the game is in Vietnamese (some have described the language as
| either Chinese or Korean - no way to tell, since I haven't seen a copy),
| the setup for the game is in English.
|
| Some folks have guessed that some of the screens of this game were
| "captured" from a Nintendo or other game cartridge using a device called
| either a Genlock or a Super Magicom (I think).  While this might be legal
| for home use, it may well be illegal to distribute a file created in this
| manner.
|
| If someone can shed some light on this situation, please do so - it's
| starting to become very confusing.


| Bill Lambdin (1:343/45) reports that someone has taken all of McAfee
| Associates' antiviral programs and combined them into one gigantic (over
| 700k) archive.  He did not say whether the files had been tampered with,
| but he did send a copy to McAfee for them to dissect.  The file was
| posted under the filename MCAFEE99.  I would not suggest downloading this
| file:  as a matter of fact, this reporter prefers to call McAfee's BBS
| directly when a new version of any of their utilities comes out.  I
| highly recommend this method, since it insures that you will receive an
| official copy.


  HW Matt Kracht forwarded a message from Stu Turk in the DR_DEBUG
  echo about possible Trojans going around as PKZIP 2.21 and/or 2.22.  Stu
  also says that there is a warning about these in circulation.  If you
  have a copy of this warning, please send a copy to Hack Central Station
  (1:382/95).


  =========================================================================

                            Information, Please

  This the section of The Hack Report, where your Hack Squad asks for
  _your_ help.  Several reports come in every week, and there aren't enough
  hours in the day (or fingers for the keyboards) to verify them all.  Only
  with help from all of you can The Hack Report stay on top of all of the
  weirdness going on out there in BBSLand.  So, if you have any leads on
  any of the files shown below, please send it in: operators are standing
  by.


| Onno Tesink (2:283/318) has sighted a file called LHA255B.  This claims
| to be version 2.55b of the LHA archiver, with a file date in the
| executable of 12/08/92.  He compared the file to the latest known
| official release, v2.13, and found two additional program options which
| were mentioned when the program was invoked with no command line
| (generating a help screen).  The archive contained nothing but the
| executable file.  Viral scans were negative.
|
| I have not heard of any further development going on by the author of
| LHA, H. Yoshi, but that wouldn't be a first. <g>  If anyone knows of a
| new version of LHA, please contact your nearest HackWatcher and lend a
| hand.


| Travis Griggs (1:3807/4.25) forwarded a report from a local board called
| The Forum (phone number 1-318-528-2107) by a user named Susan Pilgreen.
| The message referred to a file called BOUNCE, which she said was infected
| with the Russian Mirror virus.  The file, according to Travis, claimed to
| be a game.  I would appreciate further confirmation of this sighting.


| Brian Keahl (1:133/524) stated in the VIRUS_INFO echo that a program
| called PC-Mix (no archive name given) is a commercial program that is
| being erroneously distributed as shareware.  HW Richard Steiner was
| contacted by Bill Ziegler (1:121/34), who says his copy appears to be the
| commercial program, but with a crippled manual to encourage registration.
| I think this is sufficient to resolve this situation.


| An update on a warning from Mark Stansfield (1:115/404), concerning
| the files KILL and PROTECT.  He claims that these delete the user's hard
| drive when run.  Dan Onstott (1:100/470) reported in the FidoNet SHAREWRE
| echo that he has a small utility called PROTECT.COM (205 bytes, dated
| 12-10-86), which is a write-protect utility for your hard drive.  He says
| he has never had a problem with it.  So, Mark's report may be an isolated
| incident.  If anyone else sees the files Mark mentioned, please advise.


  Bill Lambdin forwards a message from Mario Giordani in the ILink Virus
  Conference about two files.  The archives, called PHOTON and NUKE, are
  possibly droppers, containing a file called NUKE.COM which "will trash
  your HD."

| Pat Finnerty (1:3627/107) sent a reply to the last report of this,
| stating that he has a copy of a PC Magazine utility called NUKE.COM,
| which is used to remove subdirectories which contain "nested subs,
| hidden, read-only (you name it)."  He says that the command NUKE C:\ will
| effectively delete everything on a hard drive, with no chance of repair.
| This is merely the way the program is designed.

  I do not know if this is what happened in Mario's case, or if Mario
  actually found a copy (read: isolated incident) which was infected. Bill
  has asked Mario for further information, and I would like to echo his
  call for help.  If you know of this, please lend a hand.


  Another one forwarded by Bill comes from Michael Santos in the Intelec
  Net Chat conference, concerning a screen saver named IM.  This is only a
  "hearsay" report from one of Michael's friends, who says he downloaded it
  and wound up with a virus.  There is no way to tell if the infection came
  from the file itself or if it was already present on his friend's system.
  Once again, if anyone can clear this up, please do so.


  Ned Allison (1:203/1102) forwarded a report into the FidoNet DIRTY_DOZEN
  echo from a user of The Mailbox BBS in Cleveland (216/671-7534) named
  Rich Bongiovanni.  Rich reports that there is a file floating around
  called DEMON WARS (archive name DMNWAR52) that is "infected with a
  virus."  If true, this may be an isolated incident.  I would appreciate
  confirmation on this.


  Greg Walters (1:270/612) reports a possible isolated incident of a
  problem with #1KEEN7.  When he ran the installation, he began seeing on
  his monitor "what looked like an X-rated GIF."  The file apparently
  scanned clean.  Any information on similar sightings would be
  appreciated.


  A report from Todd Clayton (1:259/210) concerns a program called
  ROBO.EXE, which he says claims to apparently "make RoboBoard run 300%
  faster."  He says he has heard that the program fools around with your
  File Allocation Table.  I have not heard any other reports of this, so I
  would appreciate some confirmation from someone else who has seen similar
  reports.


  Kelvin Lawson (2:258/71) posted a message in the SHAREWRE echo about a
  possible hack of FEBBS called F192HACK.  I have not seen this file, nor
  has the author of FEBBS, Patrik Sjoberg (2:205/208).  He forwards the
  file sizes in the archive, reported here:

        Name          Length      Mod Date  Time     CRC
        ============  ========    ========= ======== ========
        FEBBS.EXE       220841    09 Mar 92 21:17:00 96D2E08D
        014734.TXT        1403    26 Aug 92 01:59:18 3B9F717F
        ============  ========    ========= ======== ========
        *total     2    222244    26 Aug 92 01:59:24

  Kelvin says the .TXT file is just an advert for a BBS, so it is "not
  relevant!".  As I said, the author of FEBBS has never seen this file, so
  I've asked Kelvin to forward a copy of it to him.


  Mark Draconis (1:120/324) has found a file called TELE214R, claiming to
  be the latest version of Teledisk.  He asked for verification in the
  FidoNet SHAREWRE echo of its status.  On this same line, Kelvin Lawson
  reports TELE215R.  Steve Quarrella (1:311/405) believes that the program
  has gone commercial, perhaps after version 2.12 or 2.13.  Your Hack Squad
  has no idea, and has not yet had a chance to call Sydex by voice.  Please
  help.


| Your Hack Squad has seen several references to a release of Scorched
| Earth calling itself v2.0 (SCORCH20).  The latest official version I am
| aware of is v1.21.  If someone can verify the latest release number,
| please do so.


  Andrew Owens (3:690/333.11) forwarded a report of a "Maximus BBS
  Optimiser (sic)," going under the filenames MAX-XD and MAXXD20. Scott
  Dudley, the author of Maximus, says he did not write any programs that
  have these names, but he does not know whether they are or are not
  legitimate third party utilities.  I have requested further information
  from Andrew on this topic, and would appreciate anyone else's
  information, if they have any.


  Yet another short warning comes from David Bell (1:280/315), posted in
  the FidoNet SHAREWRE echo, about a file called PCPLSTD2.  All he says is
  that it is a Trojan, and that he got his information from another
  "billboard" and is merely passing it on.  Again, please help if you know
  what is going on here.


  Bud Webster (1:264/165.7) reports an Apogee game being distributed under
  the filename BLOCK5.ZIP.  He says that the game displayed a message that
  said, "This game is not in the public domain or shareware."  There was
  only an .EXE file in the archive, and no documentation.  I need to know
  what the real name of this game is so that I can include it in the
  pirated files section (if necessary).


  A message in the FidoNet ASIAN_LINK echo from Choon Hwee (1:3603/263)
  grabbed my attention the moment I saw it: in capital letters, it said,
  "DO NOT RUN this file called MODTEXT.EXE, cause it is a TROJAN!!!".  He
  goes on to say that two BBSs have been destroyed by the file.  However,
  that's about all that was reported.  I really need more to go on before I
  can classify this as a Trojan and not just a false alarm (i.e., archive
  name, what it does, etc.).  Please advise.


  Greg Mills (1:16/390) posted a question to Robert Jung in the ARJ Support
  Echo (FidoNet) about a version of ARJ called 2.33.  It was unclear as to
  whether or not Mr.  Mills had seen the file.  Mr.  Jung has repeated that
  the latest version of ARJ is v2.30 (however, there is a legitimate public
  beta version numbered 2.39b).  It is possible that the references Greg
  saw about 2.33 were typos, but you never know.  Please help your Hack
  Squad out on this one - if you see it, report it.


  As the last item in this report, your Hack Squad could use some info on
  the TUNNEL screen saver.  Ove Lorentzon (2:203/403.6) reports that this
  is an internal IBM test program for VGA monitors.  HW Richard Steiner
  forwarded a message from Bill Roark (RIME address BOREALIS, Shareware
  Conference) that had some quoted text strings from the executable.  One
  says, "IBM INTERNAL USE ONLY."

  This file is extremely widespread, however, so I need to hear from
  someone who knows what IBM's position on this is.  Has IBM changed its
  mind and made it legal to distribute this via BBS?  If you know for
  certain, please advise.

  =========================================================================

                           The Meier/Morlan List

  For those of you who missed it last time, here is the list of files that
  were forwarded by Joe Morlan (1:125/28), as compiled by Wes Meier, SysOp
  of the WCBBS (1-510-937-0156) and author of the AUNTIE BBS system.  Joe
  says Wes keeps a bulletin of all rejected files uploaded to him and the
  reasons they were rejected.  Joe also says he cannot confirm or deny the
  status of any of the files on the list.

  I have included some of the files I can verify from this list in the
  Pirated Commercial Files section of this report.  However, there are some
  that I am not familiar with or cannot confirm.  These are listed below,
  along with the description from Wes Meier's list.

  Due to the unconfirmed nature of the files below, the filenames are not
  included in the columnar lists.  I would appreciate any help that
  anyone can offer in verifying the status of these files.  Until I receive
  some verification on them, I will not count them as either hacks or
  pirated files.  Remember - innocent until proven guilty.

  My thanks go to Joe and Wes for their help.

        Filename  Reason for Rejection
        ========  =============================================
        BARKEEP   Too old, no docs and copyrighted with no copy
                  permission.
        HARRIER   Copyrighted.  No permission to copy granted.
        SLORGAME  Copyrighted.  No docs.  No permission to copy
                  granted.
        NOVELL    Copyrighted material with no permission to
                  BBS distribute
        DRUMS     I have no idea if these are legit or not.  No
                  docs.
        SPACEGOO  STARGOSE in disguise.  Copyrighted.
        GREMLINS  No documantation or permission to copy given.
        NAVM      Copyrighted.  No permission to copy granted.
        TESTCOM   Copyrighted.  No permission to copy granted.
        CLOUDKM   A hacked commercial program.
        ANTIX     Couldn't make this work.  No docs.
        MEGAMAN   Copyrighted.  No docs.  No permission to copy
                  granted.
        MENACE    Copyrighted.  No docs.  No permission to copy
                  granted.
        AIRBALL   A hacked commercial program.
        WIN_TREK  No documentation.  No permission to copy.
        SNOOPY    Copyrighted.  No docs.  No permission to
                  copy granted.
        SLORDAX   Copyrighted.  No docs.  No permission to
                  copy granted.
        ESCAPE    Copyrighted.  No docs.  No permission to
                  copy granted.
        AFOX      A cracked commercial program.
        BANNER    Copyrighted.  No docs.  No permission to
                  copy granted.
        FIXDOS50  Copyrighted.  No permission to copy granted.
        WINGIF14  The author's documentation specifically
                  requests this file to not be distributed.
        INTELCOM  Copyrighted.  No docs.  No permission to
                  copy granted.
        3DPOOL    Copyrighted.  No docs.  No permission to
                  copy granted.
        387DX     Copyrighted.  No docs or permission to
                  copy granted.
        WINDRV    Copyrighted.  No permission to copy granted.

  =========================================================================

                             Acknowledgements

  My thanks go out this time to Tom Lane, SysOp of FLOTOM Enterprises
  (FidoNet 1:382/91), and Jim Westbrook, SysOp of JimNet (FidoNet 1:382/29)
  for their assistance in forwarding files sent to me through them.  It's a
  dangerous business, this, and I appreciate their willingness to help.

  *************************************************************************

                                Conclusion

  If you see one of these on a board near you, it would be a very friendly
  gesture to let the SysOp know.  Remember, they can get in just as much
  trouble as the fiend who uploads pirated files, so help them out if you
  can.

                          ***HACK SQUAD POLICY***

  The intent of this report is to help SysOps and Users to identify
  fraudulent files.  To this extent, I give credit to the reporter of a
  confirmed hack.  On this same note, I do _not_ intend to "go after" any
  BBS SysOps who have these programs posted for d/l.  The Shareware World
  operates best when everyone works together, so it would be
  counter-productive to "rat" on anyone who has such a file on their board.
  Like I said, my intent is to help, not harm.  SysOps are strongly
  encouraged to read this report and remove all files listed within from
  their boards.  I can not and will not take any "enforcement action" on
  this, but you never know who else may be calling your board.  Pirated
  commercial software posted for d/l can get you into _deeply_ serious
  trouble with certain authorities.

  Updates of programs listed in this report need verification.  It is
  unfortunate that anyone who downloads a file must be paranoid about its
  legitimacy.  Call me a crusader, but I'd really like to see the day that
  this is no longer true.  Until then, if you _know_ of a new official
  version of a program listed here, please help me verify it.

  On the same token, hacks need to be verified, too.  I won't be held
  responsible for falsely accusing the real thing of being a fraud.  So,
  innocent until proven guilty, but unofficial until verified.

  Upcoming official releases will not be included or announced in this
  report.  It is this Co-Moderator's personal opinion that the hype
  surrounding a pending release leads to hacks and Trojans, which is
  exactly the opposite of what I'm trying to accomplish here.

  If you know of any other programs that are hacks, bogus, jokes, hoaxes,
  etc., please let me know.  Thanks for helping to keep shareware clean!

Lee Jackson, Co-Moderator, FidoNet International Echo SHAREWRE (1:382/95)