amiga-news
09.Apr.2001
Thomas Würgler on ANF


Trojan Warning (Update II)
Some sort of trojan (apparently the newly uploaded stackattack.lha on Aminet) has caused SMTP bombing of haage-partner. The file is this: StackAttack.lha util/boot 68K 0 V1.2b Kills GURUs (stack problem). It's on the German Aminet mirror.
Could there be hidden loopholes in MorphOS? Read the link and consider for yourself.

Frank Niewiedzial informed us that other files could be affected too.
"Do not download and install safe.lha and fblit.lha. They are fakes and send hatemails to H&P."

Silivio K. told us that the current version of 'BlazeWCP' could be affected too.
"The current version of BlazeWCP, available from Aminet, opens port 113 (auth) of your computer and connects to the H&P web and FTP server! The program itself is not a product of H&P. That's why it could be possible that it is a trojan too.
The following logs were recorded:
tcp 0 0 pD9042BA5.dip.t-.auth haage-partner.co.61797 TIME_WAIT
16:00:46.081940 pD90427BC.dip.t-dialin.net.2865 > haage-partner.com.smtp
16:02:08.530618 pD90427BC.dip.t-dialin.net > 217.5.107.165: icmp: echo request
"

Editor's note:
Haage & Partner confirmed that at the moment 15 e-mails arrive at H&P every minute. Juergen Haage: "Do not panic. No normal mail will get lost."
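
The log excerpt and the 15-mails-per-minute figure above suggest a simple network-side check. The following is an added example, not part of the original news item: it counts new outbound SMTP connections per source host and minute in tcpdump text output of the kind quoted. The sample lines, host names and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the old tcpdump text format quoted above
# (hosts, ports and times are invented for this example).
SAMPLE = """\
16:00:46.081940 ws1.example.net.2865 > mail.example.org.smtp: S 1:1(0) win 8192
16:00:46.301112 mail.example.org.smtp > ws1.example.net.2865: S 9:9(0) ack 2 win 8760
16:00:50.120001 ws1.example.net.2866 > mail.example.org.smtp: S 5:5(0) win 8192
16:00:55.733410 ws1.example.net.2867 > mail.example.org.smtp: S 7:7(0) win 8192
16:00:58.000100 ws2.example.net.1044 > mail.example.org.smtp: S 3:3(0) win 8192
16:01:02.530618 ws1.example.net > 192.0.2.10: icmp: echo request
16:01:07.412345 ws1.example.net.2868 > mail.example.org.smtp: S 8:8(0) win 8192
"""

# HH, MM, source host, numeric source port, destination host,
# destination port or service name, remainder (TCP flags etc.)
LINE = re.compile(
    r"^(\d\d):(\d\d):\d\d\.\d+ (\S+)\.(\d+) > (\S+)\.(\w+):\s*(.*)$")


def smtp_bursts(text, threshold=5, ports=("smtp", "25")):
    """Return {(src, dst, "HH:MM"): count} for every minute in which one
    source opened at least `threshold` new SMTP connections to one host."""
    counts = defaultdict(int)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ICMP, replies sent from a named service port, noise
        hh, mm, src, _sport, dst, dport, rest = m.groups()
        flags = rest.split(" ", 1)[0]
        # Count bare SYNs only: one per connection attempt, not per packet.
        if dport in ports and flags == "S" and " ack " not in f" {rest} ":
            counts[(src, dst, f"{hh}:{mm}")] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for (src, dst, minute), n in smtp_bursts(SAMPLE, threshold=3).items():
        print(f"{minute} {src} -> {dst}: {n} new SMTP connections")
```
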

The MorphOS team has nothing to do with the virus and dissociates itself from it: "Lowest level, this is not our way of competition".

Even Georg Steger, the original author of StackAttack, dissociates himself from it in his comment at ANN.

Virus Help Denmark and the Aminet administrator, Matthias Scheler, have been informed; they will check the files and possibly delete them.

At the title link there is a tool available that removes the task from RAM. After a reboot the task will be there again and you have to run the tool again.

Annotation: Message of the day from Aminet
  • TROJAN HORSES FOUND ON AMINET. The following four archives on Aminet were unfortunately infected: util/boot/StackAttack.lha, util/boot/BlazeWCP.lha, util/virus/Safe.lha and util/boot/FBlit.lha. They contain faked releases of the original software linked with a Trojan horse which sends out abusive e-mails. On infected systems a process called "zakahackandpatch" will show up. If your system is infected delete the software listed above or replace it with older versions and reboot. As a protest against this abuse of Aminet we will shut down our services on "us.aminet.net" and "de.aminet.net" until Friday.
  • DE3.AMINET.NET NOW COMPLETE. The mirror in Erlangen, Germany now stores all Aminet files.

Annotation 10.04.2001:
The official message from Virus Help Denmark follows. They are offering the old archives on their homepage.

Four new 'TCP' trojans were found today on Aminet. If you installed one of these archives, please delete the files. We hope to have a cure for these trojans within the next 24 hours.
The TCP trojan will send an email to 'Haage & Partner', with a very stupid text.

Here is what we know so far:

Virus Type.... : TCP Trojan
Trojan name....: zakahackandpatch

Archive name.. : Safe.lha
Archive size.. : About 20 kb

Archive name.. : Fblit.lha
Archive size.. : 142.086 bytes

Archive name.. : BlazeWCP.lha
Archive size.. : 32.862 bytes

Archive name.. : stackattack.lha
Archive size.. : About 32 kb

Thanx to Frank Niewiedzial, Kev Harrison, Luca Longone and many more for your information about these archives..... (unk) (Translation: unk)

[News message: 09. Apr. 2001, 17:52] [Comments: 0]
Copyright © 1998-2021 by amiga-news.de - all rights reserved.